Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi

2/23 Importance of Secure Localization  Location-based Secret communication – Communication between different military establishments  Position-based Access control – Limit access to resources (e.g. printer) from some specific location – Pizza-delivery company may want to be sure the order actually came from the claimed position.  Location based routing in wireless sensor network

3/23 Outline  Problem Description  Model and Assumptions  Contributions  Protocol View  Results  Conclusion and Future Works

4/23 Problem Description  Two Variants of Secure Localization Protocols – Positioning Provide relative or absolute location of nodes within a network Can be Node centric or Infrastructure centric – Distance Bounding Determine an upper bound for the physical distance between two parties Prevent two parties from appearing closer together than they actually are Can be Node centric or Infrastructure centric – Proposed Protocol is for secure positioning

5/23 Secure Positioning Verifiers(V) Adversaries (A) Prover ( at position P)

6/23 Common Distance Measurement Techniques Available techniques – Received Signal Strength (RSS): Exploits the inverse relationship between signal strength and distance to estimate the distance of the transmitter – Time-of-Flight (ToF): Measures elapsed time for a message exchange to estimate distance based on communication medium’s propagation speed. Time-of-Arrival (ToA)

7/23 Model and Assumptions  Multiple Verifiers  Multilateration/Triangulation  Capabilities of Adversary  Directional Antenna  Jam Communication  Create wormhole  Strongest attack model  Collusion Attack o A set of nodes are corrupted o Colluding nodes share a secret channel o No known localization protocol is secure against this attack P Colluding Nodes False Claim

8/23 Collusion Attack P P AiAi r A2A2 A3A3 A1A1 V3V3 V1V1 ViVi V2V2 Time required for travelling a message from V i to P is T i Time required for travelling a message from P to any A i is α dist(1,2) V i sends message at time t A i receives Message at time t+T i -α Attack Scenario V i accepts response at t+2T i V 3 accepts response at t+T i +T 3 V 2 accepts response at t+T i +T 2 V 1 accepts response at t+T i +T 1 A i waits for time 2α-(dist(A i,A j )/c) for adversary A j, then send it to A j A 1 receives message and sends response at t+T i +α A 2 receives message and sends response at t+T i +α A 3 receives message and sends response at t+T i +α A i sends response at t+T i +α

9/23 Related Work “Secure localization with hidden and mobile base stations”- Capkun et al, INFOCOM (2006)- – Hidden/Mobile base stations – Node centric/Infrastructure centric positioning “Position-based Cryptography”-N. Chandran et al, CRYPTO (2009) – Impossibility of security against collusion attack – Bounded Retrieval Model – No pre-sharing of keys

10/23 Contributions  Secure location verification protocol (SLDV)  Use user nodes as dynamic verifiers  Assume Majority of the users are honest  Random Selection of users  No pre-shared key between prover and verifiers  Key is established after successful verification  Secure against collusion attack  Probability of detecting collusion attack  Simulation  Hybrid approach with hidden based stations

11/23 Receive challenge ch at time t p Protocol SLDV Broadcast {ID 1,ID 2,..} Send random nonce ch and Sign(ch)–at time t User List 1.ID,location,skey,IV 2.ID,location,skey,IV User List 1.ID,location,skey,IV 2.ID,location,skey,IV Receive response at time t v2 Receive response at time t v1 Receive response at time t v3 Receive response at time t 1 Check correctness of t v1 and response Check correctness of t v2 and response Check correctness of t v3 and response Send Broadcast response: (ch, PubE(IV,k)) Select dynamic verifiers : { ID 1,ID 2,.. } ID i (new)= ID i (prev) xor SymE(IV i, k i ) DV Prover Selected DV Send Verification Result Claim location p Receive response at time t 2 Check nonce correctness and send response times and own locations Share correctness results Take majority decision from all DV and threshold decision from Verifiers

12/23 Security Properties: SLDV Case-1: Adversary does not know locations of users Probability of Detecting collusion attack:,where, Case-2: Adversary knows locations of users Probability of Detecting collusion attack:

13/23 Security: SLDV (Location is unknown)

14/23 Security: SLDV (Location is known)

15/23 Simulation Results (Location is unknown)

16/23 Simulation Results (Location is known)

17/23 Hybrid Approach  Combine hidden base station & dynamic verifier system  Use a subset of the hidden base stations  Require less dynamic verifiers  Save on infrastructure  Better performance with less trust on users

18/23 Hybrid Approach

19/23 Hybrid Approach h p =0.7

20/23 Security Analysis Security Protection offered by Cryptographic Constructs Protection offered by Positioning of dynamic verifiers xAxA x Colluder’s location Claimed location Dynamic verifier Single Colluder DV can not detect false claim when x A =x

21/23 Security Analysis xAxA x y yAyA Single Colluder- Multiple DV Multiple Colluders- Multiple DV Colluder’s location Claimed location Dynamic verifier Can not Detect when x A =x & y A = y

22/23 Future Works Adding a reputation system to enhance the dynamic verifier selection process. Implementation of the protocol in real wireless environment. Extension of the protocol when prover and verifier has pre-shared key

23/23 Questions?